Creating a .csv configuration file

If you already have a .csv configuration file from your YubiKey provider, you can skip this section. You can create a .csv configuration file that contains the YubiKey token key material if you do not have one from your YubiKey provider. Yubico OTP is the only supported Yubico format.

About this task

Note: As described in the YubiKey documentation, the Yubico OTP generated by the Yubikey token represents a single authentication method. It is recommended that you use Yubico OTP with another authentication method.

To prepare the Yubico OTP token, complete the following steps:

Procedure

  1. Download and install the YubiKey Personalization Tool from the Yubico website https://www.yubico.com/.
  2. Insert the Yubikey token in a USB slot on a Windows system.
  3. Run the YubiKey Personalization Tool.
  4. Select the Settings tab.
  5. In the Log configuration output control, select Yubico format. This is the only supported format.
  6. Select the Yubico OTP tab.
  7. Click Quick.
  8. Select Configuration Slot 2.
    Start of change
    Note: You can use either slot 1 or 2 with IBM® MFA. However, slot 2 is recommended because it requires a long press, making it less likely that the Yubikey is accidentally triggered.
    End of change
  9. Click Write Configuration.
    The configuration information is stored in a format similar to the following example:
    7699966,tvhcjlhgucln,ba29fe0f63b4,3ae7fa1cd82885153a2ae8dea864a22b,
    000000000000,2018-08-23T16:06:21,
    
    where the first field is the serial number of the Yubikey token and the key material follows.
  10. Save the configuration file (.csv file) to a secure location of your choice that is accessible to the IBM MFA server system.
    Important: The configuration .csv file contains important key material. Save the file only in a secure location. A malicious actor could attempt to use the key material to gain system access.